Cortex XDR Training

Deployment, Investigation and Response (EDU-260/262)

Award-winning live online course

Experienced Instructors

Virtual Labs Access

Video Recordings

Get a taste of the course by watching the video in this blog post, in which one of our instructors teaches a sample lesson on Cortex XDR incident management and alert analysis.

The “Cortex XDR: Prevention, Analysis, and Response” (EDU-260) course covers the following content:

Course Introduction

LET’S GET STARTED!

  • Welcome and introductions
  • Intended audience and course focus
  • Course objectives and modules
  • Learning Center tasks

Cortex XDR Overview

MULTI-METHOD THREAT PREVENTION, ADVANCED DETECTION, INVESTIGATIONS, AND RESPONSES

  • Cortex XDR Agent
  • Cortex XDR Instance
  • Product Offerings and Licenses

Lab: Getting Started

  • Change Endpoint Hostnames
  • Generate Behavioral Script-Based Attacks

Cortex XDR Main Components

CORTEX XDR BASIC OPERATING ENVIRONMENT

  • Working with Cortex XDR Cloud Components
  • Working with Cortex XDR Agent

Lab: Exploring Cortex XDR Related Sites

  • Access Cortex XDR Related Sites

Cortex XDR Management Console

GETTING STARTED WITH THE MANAGEMENT CONSOLE AND AGENT DEPLOYMENT

  • Cortex XDR Management Console
  • Quick Launcher
  • Typical Management Console Pages
  • Endpoint Management

Lab: Getting Started with Endpoint Management

  • Deploy Cortex XDR Agents
  • Create Static and Dynamic Endpoint Groups

Profiles and Policies

CREATING SETTINGS FOR SOME SPECIFIC GROUPS OF ENDPOINTS

  • Profiles
  • Policy Rules
  • Agent Settings Profile
  • Restrictions Profiles

Lab: Creating Policy Rules and Profiles

  • Create Policy Rules and Profiles
  • Work with Restrictions Profiles

Malware Protection

MULTI-METHOD MALWARE DETECTION AND PREVENTION

  • Malware Profiles
  • Portable Executable and DLL Examination
  • Behavioral Threat Protection
  • Network Packet Inspection Engine
  • Other Malware Protection Modules
  • Endpoint Scanning

Lab: Exploring Cortex XDR Malware Protection

  • Work with Malware Profiles
  • Explore Ransomware Protection
  • Explore Behavioral Threat Protection
  • Test the New Network Packet Inspection Engine

Exploit Protection

INNOVATIVE EXPLOIT DETECTION AND PREVENTION

  • Application Exploit Prevention
  • Exploitation Techniques and Defense Mechanisms
  • Exploit Protection Modules
  • Exploit Profiles
  • Working with Protected Processes

Lab: Exploring Cortex XDR Exploit Protection

  • Exploit Software Vulnerabilities with Metasploit
  • Work with Exploit Profiles

Cortex XDR Alerts

WORKING WITH CORTEX XDR ALERTS

  • Cortex XDR Alerts
  • Alert Starring Rules
  • Featured Alert Fields

Lab: Working with Cortex XDR Alerts

  • Working with Cortex XDR Alerts
  • Create Alert Starring and Exclusions
  • Add Featured Host Values

Exclusions and Exceptions

TUNING SECURITY PROFILES USING PROTECTION EXCLUSIONS AND EXCEPTIONS

  • Alert Exclusions
  • Exceptions and Exceptions Profiles
  • Alert Exceptions
  • Global Exceptions

Lab: Tuning Security Policies

  • Work with Exceptions Profiles
  • Create Alert Exceptions

Response Actions

CENTRALIZED RESPONSE ACTIONS TO ATTACKS

  • Response Actions Overview
  • Action Center
  • Endpoint Response Actions

Lab: Responding to Attacks

  • Respond to Alerts
  • Perform Actions from the Action Center
  • Work with Live Terminal

Basic Troubleshooting

Working with Cortex XDR Agents

  • Troubleshooting Methodologies and Resources
  • Agent Data Stores
  • Agent Identification
  • Agent Log
  • Working with Technical Support

Lab: Working with Basic Troubleshooting Tools

  • Work with Agent Logs and Data Stores

Broker VM Overview

  • Broker VM Introduction
  • Broker VM Deployment

Lab: Deploying Broker VMs

  • Activate and Register Your Broker VM
  • Activate Local Agent Settings (Agent Proxy)
  • Manage Proxy Settings from Agents

Deployment Considerations

Cortex XDR Operating Environment

  • CSP Accounts and CSP Users
  • Dependent Services and the Hub
  • Dependent Services: Cortex Data Lake
  • Dependent Services: Cloud Identity Engine
  • Instance Activation
  • Instance Access through RBAC

The “Cortex XDR: Investigation and Response” (EDU-262) course covers the following content:

Course Introduction

  • Welcome and introductions
  • Intended audience and course focus
  • Course objectives and modules
  • Learning Center tasks

Cortex XDR Incidents

INTELLIGENTLY GROUPING AND DISPATCHING ALERTS TO THE INCIDENTS

  • Cortex XDR Incidents
  • Working with Incidents
  • Advanced View Tabs
  • Incident Scoring Rules

Lab: Working with Enhanced Endpoint Data

  • Analyze Alerts Stitched with Enhanced Endpoint Data
  • Manage Enhanced Endpoint Data Monitoring from Endpoints

Causality and Analytics Concepts

DETECTING ATTACKS USING NORMAL AND ABNORMAL BEHAVIORS

  • Causality Analysis Engine: Log Stitching
  • Causality Analysis Engine: Causality Chains
  • Analytics Engine

Lab: Working with Incidents

  • Work with the Advanced Incident View
  • Score Your Incidents
  • Investigate Files Using Hash View

Causality Analysis of Alerts

CAUSALITY AND TIMELINE ANALYSIS OF ALERTS AND SUSPICIOUS ACTIVITIES

  • Causality View
  • Causality Instance Graph
  • Timeline View

Lab: Causality Analysis of Alerts

  • Analyze Alerts in Causality View

Advanced Response Actions

ADVANCED RESPONSE ACTIONS IN CORTEX XDR PRO

  • Remediation Suggestions
  • Remote Script Executions
  • Enabling Cortex XDR EDL Service

Lab: Advanced Response Actions

  • Execute Scripts on Endpoints

Building Search Queries

Investigating leads using Cortex XDR tools

  • Building Simple Queries
  • Managing Queries

Lab: Building Search Queries

  • Build and Manage Search Queries

Building XDR Rules

Using user-defined indicators of compromise

  • IOC Rules
  • BIOC Rules
  • Custom Prevention Rules
  • IOC/BIOC Suppression Rules
  • Correlation Rules

Lab: Working with Cortex XDR Rules

  • Managing IOC Rules
  • Managing BIOC Rules
  • Custom Prevention Rules

Cortex XDR Assets

DISCOVERY, INVENTORY, AND MANAGEMENT OF NETWORK ASSETS

  • Asset Inventory
  • Network Configuration
  • Vulnerability Assessment

Lab: Working with Network Assets

  • Activate and Register a Broker VM
  • Scan IP Ranges with Network Mapper
  • Investigate IP Addresses Using IP View

Introduction to XQL

XDR Query Language (XQL)

  • XQL Search Basics
  • XQL Stages
  • XQL Functions
  • Result Set Visualization

Lab: Getting Started with XQL Queries

  • Get Started with XQL Search Page
  • Create XQL Queries with Multiple Stages
  • Visualize Query Results

External Data Collection

COLLECTING EXTERNAL ALERTS AND LOGS

  • External Data Collection
  • Dataset Management
  • External Alerts by Cortex XDR API

Lab: Working with External Data

  • Create and Manage Datasets
  • Insert External Alerts Using XDR API

Experience & Passion

The difference is made by our instructors, who bring many years of field experience with them into the classroom.

“All of my guys enjoyed and valued this course to the maximum. You will simply love it.”

Kamil Golombek, PWC
NIS Cyber Defence Security Perimeter EMEA